惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Y
Y Combinator Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Apple Machine Learning Research
Apple Machine Learning Research
Blog — PlanetScale
Blog — PlanetScale
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
G
Google Developers Blog
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Threat Research - Cisco Blogs
A
Arctic Wolf
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
博客园 - 【当耐特】
AWS News Blog
AWS News Blog
U
Unit 42
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
T
Tor Project blog
Microsoft Security Blog
Microsoft Security Blog
宝玉的分享
宝玉的分享
Google DeepMind News
Google DeepMind News
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Recorded Future
Recorded Future
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
Latest news
Latest news
GbyAI
GbyAI
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
N
Netflix TechBlog - Medium
Hacker News: Ask HN
Hacker News: Ask HN
美团技术团队
N
News | PayPal Newsroom
J
Java Code Geeks
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
The Hacker News
The Hacker News
The GitHub Blog
The GitHub Blog
V
V2EX
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Security Latest
Security Latest
博客园 - 叶小钗
P
Palo Alto Networks Blog

PYMNTS.com

Treasury Calls for Programmable Financial Enforcement Across Crypto DeepSeek Seeks $20 Billion Valuation as Tech Giants Weigh Investment Google Accelerates Agentic AI Shift With New Enterprise Platform OpenAI Begins Briefing Governments on Cybersecurity Capabilities DeFi Security Suffers New Blow With $3 Million Volo Exploit Uninvited Users Access Anthropic’s Mythos AI Model Block and Uber Expand Partnership Across Several Global Markets OpenAI Pledges $1.5 Billion to PE Enterprise AI Project Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations Synchrony CFO Flags Momentum in Spending and Credit Banks Risk Slowing the Emerging Middle Market Firms Driving Growth Paysafe Expands Digital Wallet Availability Across 18 European Markets Bad Data Can Break Good AI in Payments 50% More Digital Shopping Days Put Parents at the Center of Retail’s Shift 65% Call Insurance Essential. Why Most Spending Isn’t So Clear-Cut Amazon Recasts Marketplace Fraud as a Broader Trust Problem Capital One’s Q1 Shifts Attention From Spending to Strategy Lawmakers Question JetBlue About Surveillance Pricing Allegations Small Businesses Stop Chasing Amazon on Delivery Speed Google Embeds AI Into Chrome for 3.5 Billion Users Adobe Plans Outcome-Based Pricing for New AI Product Suite UnitedHealth Spends $1.5 Billion on AI and Wants Double Back MiCA Forces Crypto Firms to Get Licensed or Get Out Prediction Market Kalshi Targets Crypto Perpetuals New York Sues Coinbase and Gemini Over Prediction Markets Amazon and Anthropic Deepen Ties With Investment and Hardware Pact Agentic B2B Is Here. Are Your Contracts and Invoices Ready? Apple Hardware Leader John Ternus to Succeed CEO Tim Cook The Web Is Gaslighting AI Agents and Nobody Can Tell OCC Enters the Interchange Fight and Raises the Stakes Amazon Dismisses New Evidence in California Antitrust Suit AI Finds Its Best Customer on Main Street Coinbase Opens Services Marketplace for Agentic Commerce Feds Start Processing $127 Billion in Tariff Refunds for Importers Payments Modernization Is Insurance’s Next Big Margin Engine How Visa Is Rewiring Bank Infrastructure for the AI Era Instant Payments Grow but the Real Barrier Is Human The Old-School Card Product Banks May Need Most 43% of SMBs Would Pay to Make Purchases in Installments The Real AI Edge in Payments Comes From Better Judgment In the Age of Agentic AI, Data Control Is Power Verizon’s Dan Schulman Tells CEOs to Be Open About AI Job Cuts Walmart Eyes Stores as Warehouse Space for Same-Day Delivery France’s CB Payments Network Aims to Take on Visa/Mastercard in EU QVC Was TikTok Shop Before TikTok Shop Loop Raises $95 Million to Bridge Supply Chain Data Gap Cursor Eyes $50 Billion Valuation as AI Coding Demand Surges Commercial Lending Rescues Regional Banks From Consumer Slowdown Anthropic and White House Aim to Make Peace in Friday Meeting Home Depot Buys SIMPL Automation to Support Same-Day Delivery The Riskiest Words in B2B: This Is How We’ve Always Done It France Urges Euro Stablecoins to Break Dollar Dependency Importers Prep for Monday Opening of Tariff Refund Portal Permitting Hurdles and Labor Shortages Threaten AI Data Center Timelines Token Freezes Force CFOs to Rethink Stablecoin Risk X Money Tests Whether Social Commerce Can Hold Consumer Deposits Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns Welcome to Vibe Ordering, ChatGPT Is Taking Your Order Now Nvidia Says AI Can Finally Make Quantum Computing Work QVC Files Chapter 11 to Slash Debt and Pursue Growth Uber Eats Lets Customers Return Their Retail Purchases Financial Officials Sound Alarm About Anthropic’s Banking Risk 71% of Billion-Dollar Firms Face Agent Identity Threats OpenAI Targets Pharma Giants With Purpose-Built AI Model California Claims Amazon Punishes Sellers for Lower Prices on Other Sites CFTC Chairman Says AI Helps Agency Run More Like a Business Global Finance Chiefs Call for Mythos Information Sharing Big Bank Earnings Show Digital Activity Drives Deposits OCC Clears JPMorgan Chase After Trade Surveillance Program Upgrade Accounts Receivable Gets an AI Upgrade BNY’s AI Strategy Signals a New Era of Platform Banking Bank of England Probes AI Threats to UK Financial Stability Rising AI Adoption Is Driving Up Enterprise Costs Google Faces EU Order to Share Search Data With Rivals Delivery Robots Lead Grab’s AI Expansion Circle Chief Says China Could Issue Stablecoin in 3 to 5 Years Amex Acquires Hyper to Boost AI and Expense Management Offerings Anthropic Ready to Offer Mythos to British Banks Issuers Face a New Reality as Credit Goes Real Time How Payments Gaps Are Limiting Deposit Growth at Community Banks AI May Run Payments but Humans Still Own the Risk 90% of Millennials Feel Pressure at the Grocery Store The New Checkout Is Where the Best Offer Wins Apple Pushes Siri Programmers to Adopt AI Coding Tools Amazon Sellers Protest Policy Changes With One-Day Ad Boycott FanDuel and DraftKings Fund $41 Million Lobbying Effort by Super PAC Live Nation Loses Antitrust Case Brought by 33 States Fed Beige Book Finds Tax Refund Relief Running Into Higher Gas Prices Anthropic’s New Design Tool Rivals Adobe and Figma Goldman Sachs Seeks SEC Approval for New Bitcoin ETF What AI-Driven Attack Chains Mean for CFOs and CISOs Healthcare’s AI Boom Moves From Bedside to Back Office Accel Prepares to Pour $5 Billion Into Global AI Breakouts Nearly 4 in 10 Financially Stressed Shoppers Choose Walmart Over Amazon Synchrony Bets on Teachers to Fix Financial Literacy Mastercard’s Mark Barnett Says the Real Currency for SMBs Is Payment Timing SoFi Uses Galileo to Power Real-Time FedNow Transfers Palo Alto Founder Eyes Liberty Bank for AI Banking Experiment Surcharge Surge Hits Consumers as Fee Fatigue Sets In Walmart CFO Says Marketplace Revenue Up 20% Over 2025
Why Banks Can’t Rely on One-Time Passwords Anymore
PYMNTS · 2026-04-23 · via PYMNTS.com

Banks are confronting a difficult reality: the one-time password, once treated as a reliable safeguard, is no longer sufficient to protect accounts in an environment shaped by automation and deception.

Schalk Nolte, CEO of Entersekt, made clear that the industry has long understood the limitations. “This is not new,” he said, noting that warnings about one-time passwords (OTPs) date back more than a decade.

What has changed is not the core weakness, but the intensity of its exploitation. “The major difference that we’re seeing now simply is the scale of the attack rather than the sophistication,” Nolte said. Bots can cycle through stolen credentials and repeatedly attempt logins until they can intercept or elicit a code.

A control that may have been adequate in a lower-volume threat environment now faces continuous pressure. The same vulnerabilities persist, but they are exercised far more frequently.

Why Banks Still Depend on OTPs

Despite these limitations, one-time passwords remain embedded in many authentication flows. Nolte attributed that persistence to operational convenience.

Advertisement: Scroll to Continue

“It’s easy to deploy,” Nolte said, adding that an OTP requires little from the customer beyond a mobile number.

That simplicity aligns with long-standing priorities around user experience. Institutions do not need customers to download applications or complete enrollment steps. In many cases, the process is immediate and familiar.

Cost also plays a role. OTP systems are inexpensive relative to more advanced authentication methods. For smaller banks and credit unions, the balance between cost, usability and security often leads to continued reliance on these tools.

Yet that balance introduces trade-offs. As institutions add more authentication prompts to compensate for risk, customers encounter repeated challenges that can diminish attention and trust.

Fatigue Weakens the Signal

Nolte pointed to a growing problem with overuse. The effect is a form of fatigue. Authentication requests lose their significance when they appear too frequently. Customers begin to respond automatically rather than thoughtfully, which undermines the purpose of the control.

This environment creates openings for fraudsters who rely less on technical exploits and more on persuasion.

Social Engineering Moves to the Forefront

According to Nolte, social engineering has become a primary method for bypassing OTP-based security. “Social engineering is unfortunately … something that gets past all of these things,” he told PYMNTS.

These attacks do not require breaking encryption or intercepting messages. Instead, they rely on convincing customers to share codes directly. The method exploits trust rather than infrastructure.

Nolte described a case in which a fraudster posed as a bank employee conducting a test. The customer was told to read back a one-time password to assist with a security check. “A couple of hundred thousand dollars later … it wasn’t a test,” he said.

The example underscores a broader weakness. When authentication depends on user cooperation without clear context, it becomes vulnerable to manipulation.

Making Authentication Context-Aware

To address these gaps, Nolte argued that institutions must move beyond static challenges and introduce intelligence into the process. “Make your dumb authentication smart,” Nolte advised.

The goal is to evaluate signals surrounding each interaction, including behavior, location and device characteristics. Authentication should adapt based on risk rather than apply uniformly across all transactions.

This approach allows banks to reduce unnecessary friction while focusing attention where it matters. Instead of prompting every user for every action, systems can escalate only when anomalies appear.

Nolte emphasized that there is no single solution. Different authentication methods address different risks, and institutions must combine them in a coordinated framework.

Layering Defenses Without Disrupting Customers

Entersekt’s approach, as described by Nolte, centers on integrating intelligence into existing authentication stacks rather than replacing them outright. The aim is to preserve the familiar user experience while improving decision-making behind the scenes.

“We plug into your authentication stack and make your  authentication stack smart,” he said. That includes incorporating behavioral analytics and broader data signals to identify suspicious activity.

The analogy he offered reflects the shift. Traditional systems resemble a generic alarm that signals a problem without identifying its cause. More advanced systems specify what is happening and how to respond.

This layered model also allows for gradual adoption. Banks can begin by enhancing existing controls and then introduce additional methods, such as passkeys or biometrics, as needed.

A Shift in How Banks Think About Security

The persistence of OTPs reflects a broader tension between convenience and protection. As fraud tactics expand, that balance is becoming harder to maintain with static tools.

Nolte framed the path forward as an incremental process that prioritizes intelligence and context. “Take what you have and augment this with something that provides intelligence,” Nolte told PYMNTS.